VDB
CVE-2023-25619
CVE-2023-25619
PUBLISHED
CVSS 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.
EPSS 0.32% · 55.2th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.32%
55.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | Legacy Modicon Premium CPUs (TSXP57*) | All, * |
| Schneider Electric | Modicon M580 CPU (part numbers BMEP* and BMEH*) | prior to V4.10, prior to V4.10 |
| schneider-electric | bmep58s_firmware | |
| Schneider Electric | Legacy Modicon Quantum (140CPU65*) | *, All |
| schneider-electric | bmeh58s_firmware | |
| Schneider Electric | Modicon M340 CPU (part numbers BMXP34*) | *, prior to SV3.51 |
| schneider-electric | modicon_m340_firmware | 0, 0, 0 |
| schneider-electric | modicon_momentum_unity_m1e_processor_firmware | |
| Schneider Electric | Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) | *, All |
| schneider-electric | tsxp57_firmware | |
| schneider-electric | modicon_m580_firmware | 0, 0, 0 |
| Schneider Electric | Modicon Momentum Unity M1E Processor (171CBU*) | All, All |
| schneider-electric | modicon_mc80_firmware | |
| Schneider Electric | Modicon MC80 (BMKC80) | *, * |
Exploit Intelligence
Timeline
- Apr 11, 2023 CVE Published
- Apr 19, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 9, 2023 EPSS Score
- Sep 16, 2023 EPSS Score
- Oct 23, 2023 EPSS Score
- Nov 30, 2023 EPSS Score
- Jan 6, 2024 EPSS Score
- Feb 13, 2024 EPSS Score
- Mar 21, 2024 EPSS Score
- Apr 28, 2024 EPSS Score
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf url
- https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-06.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-01.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-25619 advisory
- https://https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf url